netdev
[Top] [All Lists]

Re: Memory leak in 2.6.11-rc1?

To: Russell King <rmk+lkml@xxxxxxxxxxxxxxxx>
Subject: Re: Memory leak in 2.6.11-rc1?
From: Patrick McHardy <kaber@xxxxxxxxx>
Date: Sun, 30 Jan 2005 18:23:10 +0100
Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>, Robert.Olsson@xxxxxxxxxxx, akpm@xxxxxxxx, torvalds@xxxxxxxx, alexn@xxxxxxxxx, kas@xxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <20050130132343.A25000@flint.arm.linux.org.uk>
References: <20050124114853.A16971@flint.arm.linux.org.uk> <20050125193207.B30094@flint.arm.linux.org.uk> <20050127082809.A20510@flint.arm.linux.org.uk> <20050127004732.5d8e3f62.akpm@osdl.org> <16888.58622.376497.380197@robur.slu.se> <20050127164918.C3036@flint.arm.linux.org.uk> <20050127123326.2eafab35.davem@davemloft.net> <20050128001701.D22695@flint.arm.linux.org.uk> <20050127163444.1bfb673b.davem@davemloft.net> <20050128085858.B9486@flint.arm.linux.org.uk> <20050130132343.A25000@flint.arm.linux.org.uk>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.5) Gecko/20050106 Debian/1.7.5-1
Russell King wrote:

I don't know if the code is using fragment lists in ip_fragment(), but
on reading the code a question comes to mind: if we have a list of
fragments, does each fragment skb have a valid (and refcounted) dst
pointer before ip_fragment() does it's job?  If yes, then isn't the
first ip_copy_metadata() in ip_fragment() going to overwrite this
pointer without dropping the refcount?

Nice spotting. If conntrack isn't loaded defragmentation happens after
routing, so this is likely the cause.

Regards
Patrick


<Prev in Thread] Current Thread [Next in Thread>